TW202101267A

Movatterモバイル変換

Info

Publication number: TW202101267A
Application number: TW108122867A
Authority: TW
Inventors: 沈家宇; 白仁豪; 林起帆
Original assignee: 第一商業銀行股份有限公司
Priority date: 2019-06-28
Filing date: 2019-06-28
Publication date: 2021-01-01
Also published as: TWI766171B

Abstract

This invention provides an account data processing method and system. A blockchain technology is correspondingly used to provide an operation environment capable of smoothly and safely completing an operation of a deposit account in an appointed link by virtue of a public key encryption and account book sharing mechanism. When a bank terminal completes client verification and account binding, a binding result is encrypted by a public key of an electronic payment platform and transmitted to the electronic payment platform; after the bonding result is decrypted by the electronic payment platform by using a corresponding private key, the information is issued to a node of each cooperative bank; meanwhile, the data reading permission of each cooperative bank may be restricted to ensure that there is encryption protection when account data is returned to an electronic payment dealer; and when a data access process of a single node is maliciously invaded and falsified, the data is inconsistent with data of other nodes so as to fail in falsification.

Description

Translated fromChinese

帳戶資料處理方法及帳戶資料處理系統Account data processing method and account data processing system

本發明是有關於一種防止未經授權行為的保護計算機裝置組件，程式或資料的方法與系統，特別是指一種藉由平台保護資料存取，例如使用金鑰或控制存取規則的方法與系統，或保護資料完整性的方法與系統，例如查合法，驗證或簽章。The present invention relates to a method and system for protecting computer device components, programs or data to prevent unauthorized behaviors, in particular to a method and system for protecting data access by a platform, such as using keys or controlling access rules , Or methods and systems to protect the integrity of the data, such as legal verification, verification or signature.

現有的電子支付系統用戶的帳戶註冊機制，須配合銀行端連線交握以進行多項身分驗證程序，例如：手機號碼驗證、網路銀行帳號、密碼驗證，帳戶綁定…等，當用戶透過行動裝置在電子支付系統與銀行端所建置的帳戶資料不一致或缺漏時，例如，用戶先從行動裝置透過網路連線在銀行端進行開戶作業，之後再從行動裝置透過網路連線在電子支付系統進行註冊，若在二者留存的資料不同，此時該用戶須以行動裝置透過網路連線補齊在銀行端留存的相關資料，再由銀行端驗證更新後的資料及其在電子支付系統留存資料，以繼續完成帳戶綁定作業。The account registration mechanism of the existing electronic payment system users must cooperate with the bank-side connection and handshake to perform multiple identity verification procedures, such as: mobile phone number verification, online banking account number, password verification, account binding... etc. When the user moves through When the account information created by the device in the electronic payment system and the bank is inconsistent or missing, for example, the user first opens an account at the bank through a network connection from the mobile device, and then connects to the electronic The payment system is registered. If the information stored in the two is different, the user must use the mobile device to complete the relevant information stored in the bank through the network connection, and then the bank will verify the updated information and its electronic The payment system retains the information to continue the account binding operation.

然而，當銀行端從電子支付系統接收的帳戶的電子支付綁定資訊是以專屬憑證加密機制進行驗證，但銀行端回覆到電子支付系統的綁定結果並無加密處理，容易造成資訊傳輸過程中內容外洩的資安疑慮，且由於電子支付系統並無客戶先前在銀行端建立的帳戶資料，若資料在傳輸過程中遭到第三方惡意竄改，電子支付系統也無法比對綁定結果之正確性。However, when the electronic payment binding information of the account received by the bank from the electronic payment system is verified by a proprietary certificate encryption mechanism, the binding result of the bank's reply to the electronic payment system is not encrypted, which is likely to cause the information transmission process There are information security concerns about content leakage, and because the electronic payment system does not have the customer's previously established account information on the bank side, if the data is maliciously tampered with by a third party during the transmission process, the electronic payment system cannot compare the binding result. Sex.

據此，現有的電子支付系統配合銀行端進行帳戶的驗證相關機制確有改善的必要。Accordingly, the existing electronic payment system cooperates with the bank to verify the relevant mechanism of the account, it is necessary to improve.

因此，本發明的一目的，即在提供一種改善先前技術至少一個缺點的的帳戶資料處理方法。Therefore, an object of the present invention is to provide an account data processing method that improves at least one of the disadvantages of the prior art.

於是，本發明帳戶資料處理方法，由一帳戶資料處理系統執行，該帳戶資料處理系統包含一行動裝置、一電子支付主機、多個銀行處理設備，及一區塊鏈主機，該電子支付主機與該行動裝置通訊連接，並儲存一支付主機私鑰，及多個銀行公鑰，該等銀行處理設備與該電子支付主機通訊連接，並分別對應多個銀行代碼，且每一銀行處理設備各自儲存一對應於該等銀行公鑰其中之一，且各不相同的銀行私鑰、一對應於該支付主機私鑰，且皆相同的支付主機公鑰、多筆帳戶識別碼，及多筆分別與該等帳戶識別碼對應的個人資料，該區塊鏈主機與該等銀行處理設備及電子支付主機通訊連接，並提供一用以記錄該行動裝置所發送訊息的相關資料的分散式帳本。Therefore, the account data processing method of the present invention is implemented by an account data processing system. The account data processing system includes a mobile device, an electronic payment host, a plurality of bank processing equipment, and a blockchain host. The mobile device is in communication connection and stores a payment host private key and a plurality of bank public keys. The bank processing devices are in communication connection with the electronic payment host and correspond to a plurality of bank codes, and each bank processing device stores separately One corresponding to one of the bank public keys and different bank private keys, one corresponding to the payment host private key and all the same payment host public key, multiple account identification codes, and multiple accounts The personal data corresponding to the account identification codes, the blockchain host communicates with the bank processing equipment and the electronic payment host, and provides a distributed ledger for recording relevant information of the messages sent by the mobile device.

該帳戶資料處理方法包含以下步驟：The account data processing method includes the following steps:

(C)其中一銀行處理設備以該支付主機公鑰對一綁定結果加密以產生一加密綁定結果，且傳送到該電子支付主機，該綁定結果相關於將該多筆帳戶識別碼的其中之一綁定電子支付。(C) One of the bank processing equipment encrypts a binding result with the payment host public key to generate an encrypted binding result, and transmits it to the electronic payment host. The binding result is related to the multiple account identification codes. One of them is bound to electronic payment.

(D)該電子支付主機以對應於該支付主機公鑰的該支付主機私鑰對該加密綁定結果進行解密，以得到一解密綁定結果，且傳送到該區塊鏈主機。(D) The electronic payment host decrypts the encrypted binding result with the payment host's private key corresponding to the public key of the payment host to obtain a decrypted binding result, and transmits it to the blockchain host.

又，本發明的另一目的，即在提供一種可改善現有技術缺點的其中至少一個的帳戶資料處理系統。Moreover, another object of the present invention is to provide an account data processing system that can improve at least one of the disadvantages of the prior art.

於是，本發明帳戶資料處理系統包含一行動裝置、一電子支付主機、多個銀行處理設備，及一區塊鏈主機。Therefore, the account data processing system of the present invention includes a mobile device, an electronic payment host, multiple bank processing equipment, and a blockchain host.

該電子支付主機與該行動裝置通訊連接，並儲存一支付主機私鑰及多個銀行公鑰。The electronic payment host communicates with the mobile device, and stores a payment host private key and multiple bank public keys.

該等銀行處理設備與該電子支付主機通訊連接，並分別對應多個銀行代碼，且每一銀行處理設備各自儲存一對應於該等銀行公鑰其中之一，且各不相同的銀行私鑰、一對應於該支付主機私鑰，且皆相同的支付主機公鑰、多筆帳戶識別碼，及多筆分別與該等帳戶識別碼對應的個人資料。The bank processing equipment is in communication connection with the electronic payment host and corresponds to a plurality of bank codes, and each bank processing equipment stores a bank private key corresponding to one of the bank public keys. One corresponding to the payment host's private key, and all the same payment host's public key, multiple account identification codes, and multiple personal data corresponding to the account identification codes.

該區塊鏈主機與該等銀行處理設備及電子支付主機通訊連接。The blockchain host communicates with the bank processing equipment and the electronic payment host.

其中一銀行處理設備以該支付主機公鑰對一綁定結果加密以產生一加密綁定結果，且傳送到該電子支付主機，該綁定結果相關於將該多筆帳戶識別碼的其中之一綁定電子支付。One of the bank processing equipment encrypts a binding result with the payment host public key to generate an encrypted binding result, and transmits it to the electronic payment host, the binding result is related to one of the plurality of account identification codes Bind electronic payment.

該電子支付主機以對應於該支付主機公鑰的該支付主機私鑰對該加密綁定結果進行解密，以得到一解密綁定結果，且傳送到該區塊鏈主機。The electronic payment host decrypts the encrypted binding result with the payment host private key corresponding to the public key of the payment host to obtain a decrypted binding result, which is transmitted to the blockchain host.

本發明的功效在於：該銀行處理設備將其儲存的多筆帳戶識別碼其中之一綁定電子支付後，將綁定結果以加密型式回傳至電子支付主機，再由電子支付主機進行對應的解密並將解密後的資料存放於該區塊鏈主機，以確保資料在傳輸過程中的保密性。The effect of the present invention is that after the bank processing device binds one of the multiple account identification codes stored in it to the electronic payment, the binding result is transmitted back to the electronic payment host in an encrypted form, and the electronic payment host performs the corresponding Decrypt and store the decrypted data on the blockchain host to ensure the confidentiality of the data during transmission.

本專利構想係於電子支付系統與各合作銀行間藉由區塊鏈技術建立區塊鏈節點，透過公鑰加密、共用帳本技術，提供順暢且安全的約定連結存款帳戶作業環境，區塊鏈（block chain）屬於一種分散式網路資料轉換、儲存技術，其特點為去中心化且內容不可竄改，因此在區塊鏈網路中的每個網路節點主機在收到資料時，是以廣播形式將收到的資料共享給其他網路節點主機，使得區塊鏈網路中的每個節點主機儲存資料皆一致，此外，區塊鏈技術中所稱的廣播通常是係指將資料寫入一公開的分散式帳本（distributed ledger），以供其區塊鏈網路中的其他網路節點主機存取。The patent concept is based on the establishment of blockchain nodes between the electronic payment system and various cooperative banks through blockchain technology. Through public key encryption and shared ledger technology, it provides a smooth and safe operation environment for linking deposit accounts. (Block chain) is a kind of distributed network data conversion and storage technology, which is characterized by decentralization and non-tamperable content. Therefore, when each network node host in the blockchain network receives data, it is The broadcast form shares the received data with other network node hosts, so that each node host in the blockchain network stores the same data. In addition, the broadcast in the blockchain technology usually refers to writing data Enter a public distributed ledger for access by other network node hosts in its blockchain network.

本專利的使用者在電子支付系統註冊會員時，須先進行首次手機驗證，當驗證完成時，例如：透過回填驗證碼或回覆簡訊等方式完成驗證，再由電子支付系統以與其合作的銀行的公鑰對相關的註冊資料進行加密並傳送至該銀行，當該銀行以對應的私鑰解密後，再將此註冊資料儲存到本身的資料庫及其相關分行節點，當使用者完成電子支付會員註冊接著進行帳戶綁定時，該銀行即可自儲存的註冊資料進行再次驗證，待銀行端完成使用者註冊資料驗證及帳戶綁定，銀行端再以電子支付系統對應的公鑰對綁定結果進行加密，並回傳至電子支付系統，並由電子支付系統以自身對應的私鑰解密後，再將解密後的資訊發布至一區塊鏈主機以進行區塊鏈轉換，並將轉換後的資料記錄於一可共享的分散式帳本，每一合作銀行可自該分散式帳本讀取使用者相關資訊，進而確保使用者的註冊資料自銀行回傳至電子支付系統時將有加密保護，並可確保當其中一銀行節點存取資料過程中被惡意入侵並進行資料竄改時，將因與其他合作銀行存取到的區塊鏈轉換相關資料不一致而竄改失敗，以下進一步詳細說明本發明的一實施例。When the user of this patent registers a member in the electronic payment system, he must perform the first mobile phone verification. When the verification is completed, for example, the verification is completed by backfilling the verification code or replying to the short message, and then the electronic payment system will use the bank’s The public key encrypts the relevant registration information and sends it to the bank. After the bank decrypts it with the corresponding private key, the registration information is stored in its own database and its relevant branch node. When the user completes the electronic payment for membership When registering and then binding the account, the bank can re-verify the stored registration data. After the bank has completed the user registration data verification and account binding, the bank will use the public key corresponding to the electronic payment system to bind the result It is encrypted and transmitted back to the electronic payment system. After the electronic payment system decrypts with its own corresponding private key, the decrypted information is released to a blockchain host for blockchain conversion, and the converted The data is recorded in a sharable distributed ledger, and each partner bank can read user-related information from the distributed ledger, thereby ensuring that the user's registration data will be encrypted when returned from the bank to the electronic payment system , And can ensure that when one of the bank nodes is maliciously invaded and tampered with the data in the process of accessing data, the tampering will fail due to inconsistencies with the blockchain conversion related data accessed by other cooperative banks. The following further details the present invention An embodiment.

參閱圖1，本發明帳戶資料處理系統的一實施例，其係基於區塊鏈轉換技術及非對稱加密機制，以確保傳送資料時的不可竄改性及秘密性，該帳戶資料處理系統包含一行動裝置2、一電子支付主機3、多個銀行處理設備4，及一區塊鏈主機5。Referring to Figure 1, an embodiment of the account data processing system of the present invention is based on the blockchain conversion technology and asymmetric encryption mechanism to ensure the non-modification and secrecy when transmitting data. The account data processing system includes anaction Device 2, anelectronic payment host 3, multiple bank processing equipment 4, and ablockchain host 5.

該電子支付主機3與該行動裝置2通訊連接，用以接收該行動裝置3發送的訊息，並儲存一支付主機私鑰，及多個銀行公鑰。Theelectronic payment host 3 is in communication with themobile device 2 to receive the message sent by themobile device 3 and store a payment host private key and multiple bank public keys.

該等銀行處理設備4與該電子支付主機3通訊連接，並分別對應多個銀行代碼，且每一銀行處理設備4各自儲存一對應於該等銀行公鑰其中之一，且各不相同的銀行私鑰、一對應於該支付主機私鑰，且皆相同的支付主機公鑰、多筆帳戶識別碼，及多筆分別與該等帳戶識別碼對應的個人資料，每一銀行處理設備4儲存的每一個人資料各自包含一可變動的儲蓄金額，具體來說，本實施例的每一銀行處理設備4包括至少一儲存該銀行私鑰與該支付主機公鑰的銀行節點主機41，及一與該銀行節點主機41通訊連接，並儲存該等帳戶識別碼與個人資料的銀行中心主機42，對比於實際金融商務應用，該至少一銀行節點主機41代表某一銀行企業的其中一分行，該銀行中心主機42則代表該銀行企業的總行，後續關於銀行處理設備4的運作是以銀行節點主機41及銀行節點主機41做說明，但該銀行節點主機41與該銀行中心主機42彼此間的資料協同運作的方式並不侷限於此種形式。The bank processing devices 4 are in communication connection with theelectronic payment host 3, and respectively correspond to multiple bank codes, and each bank processing device 4 stores a bank corresponding to one of the bank public keys, and each bank is different The private key, one corresponding to the payment host's private key, and the same payment host public key, multiple account identification codes, and multiple personal data corresponding to the account identification codes are stored in each bank processing device 4 Each personal data includes a variable deposit amount. Specifically, each bank processing device 4 of this embodiment includes at least onebank node host 41 storing the bank private key and the payment host public key, and one with the Thebank node host 41 is communicatively connected to thebank center host 42 that stores the account identification codes and personal data. Compared with actual financial business applications, the at least onebank node host 41 represents one of the branches of a certain banking company, and the bank center Thehost 42 represents the head office of the bank enterprise. The subsequent operation of the bank processing device 4 is explained by thebank node host 41 and thebank node host 41, but thebank node host 41 and thebank center host 42 operate in coordination with each other. The way is not limited to this form.

該區塊鏈主機5與每一銀行處理設備4的銀行節點主機41，及電子支付主機3通訊連接，並提供一用以記錄該行動裝置2所發送訊息的相關資料的分散式帳本，需再說明的是，該分散式帳本是採用雜湊函數相關的演算法以處理、儲存該區塊鏈轉換資料，例如： SHA-256雜湊函數。Theblock chain host 5 communicates with thebank node host 41 of each bank processing equipment 4 and theelectronic payment host 3, and provides a distributed ledger for recording the relevant information of the messages sent by themobile device 2. Furthermore, the distributed ledger uses algorithms related to hash functions to process and store the blockchain conversion data, such as SHA-256 hash function.

更具體地說，該電子支付主機3是以公開金鑰加密（Public-key cryptography），或稱非對稱加密（Asymmetric cryptography）機制對該行動裝置2發送訊息的相關資料進行加密，並由對應的銀行處理設備4的銀行節點主機41以相對應的私鑰（private key）對加密後的資料進行解密，而該區塊鏈主機5則是以區塊鏈轉換技術對關於該行動裝置2發送訊息的相關資料的一綁定結果進行區塊鏈轉換，並記錄於該分散式帳本，其實際運作方式將詳述於後。More specifically, theelectronic payment host 3 uses Public-key cryptography, or Asymmetric cryptography, to encrypt the relevant data sent by themobile device 2, and the corresponding Thebank node host 41 of the bank processing equipment 4 decrypts the encrypted data with the corresponding private key, and theblockchain host 5 uses blockchain conversion technology to send messages about the mobile device 2 A binding result of the relevant data is converted to the blockchain and recorded in the distributed ledger. The actual operation method will be detailed later.

參閱圖2，接著說明該實施例執行的一帳戶資料處理方法，包含一註冊步驟(A)、一綁定步驟(B)、一加密綁定結果步驟(C)、一解密綁定結果步驟(D)、一區塊鏈轉換步驟(E)，及一帳本共享步驟(F)。Referring to Fig. 2, an account data processing method implemented in this embodiment will be explained, including a registration step (A), a binding step (B), an encryption binding result step (C), and a decryption binding result step ( D), a block chain conversion step (E), and a book sharing step (F).

該註冊步驟(A)為該行動裝置2、該電子支付主機3，與其中一銀行處理設備4的銀行節點主機41進行三方交握（handshake）通訊，以執行一相關於電子支付的註冊，具體而言，電子支付的註冊為其中一銀行處理設備4的銀行中心主機42依據該電子支付主機3自該行動裝置2接收的一註冊請求後的資料處理產生一綁定結果，該註冊請求指示一對應一銀行代碼的帳戶識別碼，且該帳戶識別碼還對應一筆個人資料，該綁定結果相關於將該註冊請求指示的該帳戶識別碼綁定電子支付，該銀行中心主機42對應的銀行代碼，亦即，該銀行處理設備4對應的銀行代碼與該註冊請求指示的銀行代碼相同，且該行動裝置所發送的該註冊請求的帳戶識別碼為該銀行處理設備的銀行中心主機42所儲存的該等帳戶識別碼其中之一。The registration step (A) is that themobile device 2, theelectronic payment host 3, and thebank node host 41 of one of the bank processing equipment 4 conduct a three-party handshake communication to perform a registration related to electronic payment. In other words, the registration of electronic payment is that thebank center host 42 of one of the bank processing equipment 4 generates a binding result according to the data processing after a registration request received by theelectronic payment host 3 from themobile device 2, and the registration request indicates a An account identification code corresponding to a bank code, and the account identification code also corresponds to a piece of personal data. The binding result is related to the account identification code in the registration request bound to the electronic payment, and the bank code corresponding to thebank center host 42 That is, the bank code corresponding to the bank processing device 4 is the same as the bank code indicated by the registration request, and the account identification code of the registration request sent by the mobile device is stored by thebank center host 42 of the bank processing device One of these account identification codes.

需再說明的是，在該註冊步驟(A)中，該註冊請求指示的該帳戶識別碼與該銀行處理設備4儲存的該等帳戶識別碼其中之一相同，且每一銀行處理設備4的銀行中心主機42儲存的每一帳戶識別碼所對應的個人資料包含一儲蓄金額，該電子支付主機3依據一由該行動裝置2發送的儲值指令自該對應的銀行處理設備4接收一儲值額度，該儲值額度自該儲蓄金額扣除，更具體地說，當該行動裝置2發送的該註冊請求指示的該帳戶識別碼綁定電子支付後，即可透過該電子支付主機3進行網路消費扣款，而消費金額扣除方式可自該儲值額度扣除，此外，該行動裝置2並可藉由發送轉帳指令至該電子支付主機3以進行轉帳，更具體地說，該行動裝置2可透過該電子支付主機3自其對應銀行處理設備4執行轉帳功能，以移轉其儲蓄金額的部份額度至另一同樣有綁定電子支付的帳戶識別碼所對應的儲蓄金額。It should be noted that in the registration step (A), the account identification code indicated by the registration request is the same as one of the account identification codes stored in the bank processing equipment 4, and the The personal data corresponding to each account identification code stored by thebank center host 42 includes a deposit amount, and theelectronic payment host 3 receives a stored value from the corresponding bank processing equipment 4 according to a stored value instruction sent by themobile device 2 The amount of stored value is deducted from the savings amount. More specifically, when the account identification code indicated in the registration request sent by themobile device 2 is bound to the electronic payment, theelectronic payment host 3 can be used to conduct the network Consumption deduction, and the deduction method of consumption amount can be deducted from the stored value limit. In addition, themobile device 2 can send a transfer instruction to theelectronic payment host 3 to perform the transfer. More specifically, themobile device 2 can Theelectronic payment host 3 executes the transfer function from its corresponding bank processing device 4 to transfer the portion of the savings amount to the savings amount corresponding to another account identification code that also has an electronic payment bound.

參閱圖3，進一步說明該註冊步驟(A)的更詳細流程，包含一接收註冊請求子步驟(A1)、一發送驗證碼子步驟(A2)、一回傳確認碼子步驟(A3)、一產生註冊結果子步驟(A4)，及一加密註冊結果子步驟(A5)。Refer to Figure 3 to further illustrate the more detailed process of the registration step (A), including a sub-step of receiving a registration request (A1), a sub-step of sending a verification code (A2), a sub-step of transmitting a confirmation code (A3), and a A sub-step of generating a registration result (A4), and a sub-step of encrypting the registration result (A5).

該接收註冊請求子步驟(A1)為該電子支付主機3接收自該行動裝置2發送的該註冊請求。The sub-step (A1) of receiving the registration request is that theelectronic payment host 3 receives the registration request sent from themobile device 2.

該發送驗證碼子步驟(A2)為該電子支付主機3依據該註冊請求傳送一驗證碼至該行動裝置2。In the sub-step (A2) of sending a verification code, theelectronic payment host 3 transmits a verification code to themobile device 2 according to the registration request.

該回傳確認碼子步驟(A3)為該行動裝置2依據該驗證碼回傳一確認碼至該電子支付主機3。The sub-step (A3) of returning a confirmation code is that themobile device 2 returns a confirmation code to theelectronic payment host 3 according to the verification code.

該產生註冊結果子步驟(A4)為當該電子支付主機3判斷該確認碼與該認證碼相同時，代表通過驗證，並據以產生一註冊結果，並將該註冊結果傳送至該行動裝置2，該註冊結果包含該註冊請求所指示的該帳戶識別碼與對應的該銀行代碼，及該帳戶識別碼對應該筆個人資料。The sub-step (A4) of generating the registration result is that when theelectronic payment host 3 judges that the confirmation code is the same as the authentication code, it means that the verification is passed, and a registration result is generated accordingly, and the registration result is transmitted to themobile device 2 , The registration result includes the account identification code and the corresponding bank code indicated by the registration request, and the account identification code corresponds to the personal data.

該加密註冊結果子步驟(A5)為該電子支付3主機依據該註冊請求指示的帳戶識別碼所對應的該銀行代碼，以對應於相同的銀行代碼的銀行公鑰對該註冊結果加密，並將加密後的註冊結果傳送到對應相同銀行代碼的銀行處理設備4的銀行節點主機41。The sub-step (A5) of the encrypted registration result is that theelectronic payment 3 host encrypts the registration result with the bank public key corresponding to the same bank code according to the bank code corresponding to the account identification code indicated by the registration request, and The encrypted registration result is transmitted to thebank node host 41 of the bank processing device 4 corresponding to the same bank code.

再參閱圖2，該綁定步驟(B)為該行動裝置、該電子支付主機，與在該註冊步驟(A)中的該銀行節點主機41進行三方交握通訊，以執行相關於電子支付的帳戶綁定。Referring again to FIG. 2, the binding step (B) is that the mobile device, the electronic payment host, and thebank node host 41 in the registration step (A) perform a three-party handshake communication to execute the electronic payment related Account binding.

再參閱圖3，進一步說明該綁定步驟(B)中，關於三方交握通訊的詳細流程，包含一比對資料子步驟(B1)、一傳送綁定請求子步驟(B2)，及一產生綁定結果子步驟(B3)。Refer to Figure 3 again to further illustrate the detailed flow of the three-party handshake communication in the binding step (B), including a data comparison sub-step (B1), a sending binding request sub-step (B2), and a generation Binding result sub-step (B3).

在該比對資料子步驟(B1)中，該銀行處理設備4的銀行節點主機41以對應的銀行私鑰對加密後的註冊結果進行解密，並將解密後的結果傳送到該銀行中心主機42，由該銀行中心主機42依據解密後的該註冊結果的帳戶識別碼所對應的個人資料，對與儲存對應於相同的帳戶識別碼的個人資料進行比對，並儲存一對應的比對結果，並將該比對結果傳送至該銀行節點主機41，其中，當該銀行中心主機42比對出該註冊結果的帳戶識別碼對應的個人資料與儲存的個人資料不同時，以該註冊結果的帳戶識別碼對應的個人資料對儲存個人資料進行覆寫。In the data comparison substep (B1), thebank node host 41 of the bank processing device 4 decrypts the encrypted registration result with the corresponding bank private key, and transmits the decrypted result to the bank center host 42 According to the decrypted personal data corresponding to the account identification code of the registration result, the bankcentral host 42 compares the personal data corresponding to the same account identification code with the stored personal data, and stores a corresponding comparison result, And send the comparison result to thebank node host 41, where, when thebank center host 42 compares the personal data corresponding to the account identification code of the registration result is different from the stored personal data, the account of the registration result The personal data corresponding to the identification code overwrites the stored personal data.

該傳送綁定請求子步驟(B2)為該行動裝置2依據該註冊結果傳送一帳戶綁定請求到該電子支付主機3，該帳戶綁定請求包含該註冊請求指示的帳戶識別碼及對應的銀行代碼。The transfer binding request sub-step (B2) is that themobile device 2 sends an account binding request to theelectronic payment host 3 according to the registration result, and the account binding request includes the account identification code indicated by the registration request and the corresponding bank Code.

該產生綁定結果子步驟(B3)為該電子支付主機3將該綁定請求傳送至對應的銀行處理設備4的銀行節點主機41，使銀行節點主機41據以產生該綁定結果，並將該綁定結果儲存於該銀行中心主機42。The sub-step (B3) of generating the binding result is that theelectronic payment host 3 transmits the binding request to thebank node host 41 of the corresponding bank processing device 4, so that thebank node host 41 generates the binding result accordingly, and The binding result is stored in thebank center host 42.

再參閱圖2，該加密綁定結果步驟(C)為在該產生綁定結果子步驟B3中的該銀行節點主機41以該支付主機公鑰對該綁定結果加密以產生一加密綁定結果，且傳送到該電子支付主機3。2 again, the encryption binding result step (C) is that thebank node host 41 in the substep B3 of generating binding result encrypts the binding result with the payment host public key to generate an encrypted binding result , And sent to theelectronic payment host 3.

該解密綁定結果步驟(D)為該電子支付主機3以對應於該支付主機公鑰的該支付主機私鑰對該加密綁定結果進行解密，以得到一對應的解密綁定結果，且傳送到該區塊鏈主機5。The decryption binding result step (D) is that theelectronic payment host 3 decrypts the encryption binding result with the payment host private key corresponding to the payment host public key to obtain a corresponding decryption binding result, and transmit Go to theblockchain host 5.

該區塊鏈轉換步驟(E)為該區塊鏈主機5將該解密綁定結果進行區塊鏈轉換，以產生一區塊鏈轉換資料。In the block chain conversion step (E), theblock chain host 5 performs block chain conversion on the decrypted binding result to generate a block chain conversion data.

該帳本共享步驟(F)為該區塊鏈主機5將該區塊鏈轉換資料記錄於一分散式帳本，並以廣播形式共享給該等銀行處理設備4的銀行節點主機41。The account book sharing step (F) is that theblockchain host 5 records the blockchain conversion data in a distributed account book and shares it to the bank node hosts 41 of the bank processing equipment 4 in a broadcast form.

需再說明的是，該分散式帳本採用雜湊函數演算法儲存該區塊鏈轉換資料，此外，為確保個人資料的隱密性，該電子支付主機可藉該區塊鏈主機設定限制該區塊鏈轉換資料的內容公開程度，及相關銀行處理設備的查閱權限。It should be noted that the distributed ledger uses a hash function algorithm to store the blockchain conversion data. In addition, to ensure the privacy of personal information, the electronic payment host can restrict the area through the blockchain host setting The degree of disclosure of the content of the blockchain conversion data, and the access rights of the relevant bank processing equipment.

綜上所述，本實施例藉由該電子支付主機3先透過驗證該行動裝置2發送的註冊請求後，產生對應註冊結果，再將註冊結果加密並傳送至對應的銀行處理設備4以供其比對個人資料並進行相關資料處理，再由該電子支付主機3配合對應的銀行處理設備4依據帳戶綁定請求進行電子支付綁定，並藉區塊鏈轉換技術公布綁定結果，確保資料在每個傳輸過程的保密性，及不可竄改性，故確實能達成本發明的目的。In summary, in this embodiment, theelectronic payment host 3 first verifies the registration request sent by themobile device 2 to generate the corresponding registration result, and then encrypts the registration result and transmits it to the corresponding bank processing device 4 for it The personal data is compared and related data is processed, and then theelectronic payment host 3 cooperates with the corresponding bank processing equipment 4 to perform electronic payment binding according to the account binding request, and use the blockchain conversion technology to announce the binding result to ensure that the data is in The confidentiality of each transmission process and the inability to modify it can indeed achieve the purpose of the invention.

惟以上所述者，僅為本發明的實施例而已，當不能以此限定本發明實施的範圍，凡是依本發明申請專利範圍及專利說明書內容所作的簡單的等效變化與修飾，皆仍屬本發明專利涵蓋的範圍內。However, the above are only examples of the present invention. When the scope of implementation of the present invention cannot be limited by this, all simple equivalent changes and modifications made in accordance with the scope of the patent application of the present invention and the content of the patent specification still belong to Within the scope of the patent for the present invention.

2:行動裝置3:電子支付主機4:銀行處理設備41:銀行節點主機41:銀行節點主機5:區塊鏈主機A:註冊步驟B:綁定步驟C:加密綁定結果步驟D:解密綁定結果步驟E:區塊鏈轉換步驟F:帳本共享步驟A1:接收註冊請求子步驟A2:發送驗證碼子步驟A3:回傳確認碼子步驟A4:產生註冊結果子步驟A5:加密註冊結果子步驟B1:比對資料子步驟B2:傳送綁定請求子步驟B3:產生綁定結果子步驟2: mobile device3: Electronic payment host4: Bank processing equipment41: Bank Node Host41: Bank Node Host5: Blockchain hostA: Registration stepsB: binding stepsC: Encryption binding result stepsD: Steps to decrypt the binding resultE: Blockchain conversion stepsF: Accounting sharing stepsA1: Sub-steps of receiving registration requestA2: Sub-step of sending verification codeA3: Sub-step of returning confirmation codeA4: Sub-steps for generating registration resultsA5: Substeps of Encrypting Registration ResultsB1: Sub-step of comparing dataB2: Sub-steps for transmitting binding requestB3: Sub-steps for generating binding results

本發明的其他的特徵及功效，將於參照圖式的實施方式中清楚地呈現，其中：圖1是一方塊圖，說明本發明帳戶資料處理系統的一實施例；圖2是一流程圖，說明該實施例執行的一帳戶資料處理方法；及圖3是一流程圖，輔助說明該帳戶資料處理方法的細部流程。Other features and effects of the present invention will be clearly presented in the embodiments with reference to the drawings, in which:Figure 1 is a block diagram illustrating an embodiment of the account data processing system of the present invention;Figure 2 is a flowchart illustrating an account data processing method implemented in this embodiment; andFigure 3 is a flowchart to assist in explaining the detailed flow of the account data processing method.

2:行動裝置2: mobile device

3:電子支付主機3: Electronic payment host

4:銀行處理設備4: Bank processing equipment

41:銀行節點主機41: Bank Node Host

42:銀行中心主機42: Bank Center Host

5:區塊鏈主機5: Blockchain host

Claims

Translated fromChinese

一種帳戶資料處理方法，由一帳戶資料處理系統執行，該帳戶資料處理系統包含一行動裝置、一電子支付主機、多個銀行處理設備，及一區塊鏈主機，該電子支付主機與該行動裝置通訊連接，並儲存一支付主機私鑰，及多個銀行公鑰，該等銀行處理設備與該電子支付主機通訊連接，並分別對應多個銀行代碼，且每一銀行處理設備各自儲存一對應於該等銀行公鑰其中之一，且各不相同的銀行私鑰、一對應於該支付主機私鑰，且皆相同的支付主機公鑰、多筆帳戶識別碼，及多筆分別與該等帳戶識別碼對應的個人資料，該區塊鏈主機與該等銀行處理設備及電子支付主機通訊連接，該帳戶資料處理方法包含：(C)其中一銀行處理設備以該支付主機公鑰對一綁定結果加密以產生一加密綁定結果，且傳送到該電子支付主機，該綁定結果相關於將該多筆帳戶識別碼的其中之一綁定電子支付；及(D) 該電子支付主機以對應於該支付主機公鑰的該支付主機私鑰對該加密綁定結果進行解密，以得到一解密綁定結果，且將該解密綁定結果傳送到該區塊鏈主機。An account data processing method executed by an account data processing system. The account data processing system includes a mobile device, an electronic payment host, a plurality of bank processing equipment, and a blockchain host, the electronic payment host and the mobile device Communication connection and storage of a payment host private key and multiple bank public keys. The bank processing devices are in communication connection with the electronic payment host and correspond to multiple bank codes, and each bank processing device stores a corresponding One of these bank public keys, each with different bank private keys, one corresponding to the payment host’s private key, and the same payment host’s public key, multiple account identification codes, and multiple accounts respectively associated with these accounts The personal data corresponding to the identification code, the blockchain host communicates with the bank processing equipment and the electronic payment host, and the account data processing methods include:(C) One of the bank processing equipment encrypts a binding result with the payment host public key to generate an encrypted binding result, and transmits it to the electronic payment host. The binding result is related to the multiple account identification codes. One of them is bound to electronic payment; and(D) The electronic payment host decrypts the encryption binding result with the payment host's private key corresponding to the payment host public key to obtain a decrypted binding result, and transmits the decrypted binding result to the block Chain host.

如請求項1所述的帳戶資料處理方法，該區塊鏈主機提供一用以記錄該行動裝置所發送訊息的相關資料的分散式帳本，其中，還包含：(E)該區塊鏈主機將該解密綁定結果進行區塊鏈轉換，以產生一區塊鏈轉換資料；及(F)該區塊鏈主機將該區塊鏈轉換資料記錄於該分散式帳本以共享給該等銀行處理設備，該分散式帳本採用雜湊函數演算法儲存該區塊鏈轉換資料。According to the method for processing account data in claim 1, the blockchain host provides a distributed ledger for recording related data of messages sent by the mobile device, which further includes:(E) The blockchain host performs blockchain conversion on the decrypted binding result to generate a blockchain conversion data; and(F) The blockchain host records the blockchain conversion data in the distributed ledger for sharing with the bank processing equipment, and the distributed ledger uses a hash function algorithm to store the blockchain conversion data.

如請求項1所述的帳戶資料處理方法，還包含：(A)該行動裝置、該電子支付主機與該等銀行處理設備的其中之一進行三方交握通訊，以執行一相關於電子支付的註冊；及(B)該行動裝置、該電子支付主機與該等銀行處理設備的其中之一進行三方交握通訊，以執行一相關於電子支付的帳戶綁定。The account data processing method described in claim 1, further including:(A) The mobile device, the electronic payment host, and one of the bank processing equipment conduct a three-way handshake communication to perform a registration related to electronic payment; and(B) The mobile device, the electronic payment host, and one of the bank processing equipment perform a three-party handshake communication to perform an account binding related to electronic payment.

如請求項3所述的帳戶資料處理方法，其中，該步驟(A)包括以下子步驟：(A1)該電子支付主機自該行動裝置接收一註冊請求，該註冊請求指示一對應一銀行代碼的帳戶識別碼，且該帳戶識別碼還對應一筆個人資料，該綁定結果相關於將該註冊請求指示的該帳戶識別碼綁定電子支付，該銀行處理設備對應的銀行代碼與該註冊請求指示的銀行代碼相同；(A2)該電子支付主機並依據該註冊請求傳送一驗證碼至該行動裝置，(A3)該行動裝置依據該驗證碼回傳一確認碼至該電子支付主機，(A4)當該電子支付主機判斷該確認碼與該認證碼相同時，產生一註冊結果，並將該註冊結果傳送至該行動裝置，該註冊結果包含該註冊請求所指示的該帳戶識別碼與對應的該銀行代碼，及該帳戶識別碼對應該筆個人資料，及(A5)該電子支付主機依據該註冊請求指示的帳戶識別碼所對應的該銀行代碼，以對應於相同的銀行代碼的銀行公鑰對該註冊結果加密，並將加密後的註冊結果傳送到對應相同銀行代碼的銀行處理設備。The account data processing method according to claim 3, wherein the step (A) includes the following sub-steps:(A1) The electronic payment host receives a registration request from the mobile device, the registration request indicates an account identification code corresponding to a bank code, and the account identification code also corresponds to a piece of personal information. The binding result is related to the registration The account identification code indicated in the request is bound to the electronic payment, and the bank code corresponding to the bank processing device is the same as the bank code indicated in the registration request;(A2) The electronic payment host sends a verification code to the mobile device according to the registration request,(A3) The mobile device returns a confirmation code to the electronic payment host according to the verification code,(A4) When the electronic payment host determines that the confirmation code is the same as the authentication code, it generates a registration result, and transmits the registration result to the mobile device. The registration result includes the account identification code and the account identification code indicated by the registration request. The corresponding bank code, and the account ID corresponding to the personal data, and(A5) The electronic payment host encrypts the registration result with the bank public key corresponding to the same bank code according to the bank code corresponding to the account identification code indicated by the registration request, and transmits the encrypted registration result to the corresponding Bank processing equipment with the same bank code.

如請求項3所述的帳戶資料處理方法，其中，該步驟(B)包括以下子步驟：(B1)該銀行處理設備以對應的銀行私鑰對加密後的註冊結果進行解密，並依據解密後的該註冊結果的帳戶識別碼所對應的個人資料，對與儲存對應於相同的帳戶識別碼的個人資料進行比對，並儲存一對應的比對結果，(B2)該行動裝置依據該註冊結果傳送一帳戶綁定請求到該電子支付主機，該帳戶綁定請求包含該註冊請求指示的帳戶識別碼及對應的銀行代碼，及(B3)該電子支付主機將該綁定請求傳送至對應的銀行處理設備，使該銀行處理設備據以產生該綁定結果。The account data processing method according to claim 3, wherein the step (B) includes the following sub-steps:(B1) The bank processing device decrypts the encrypted registration result with the corresponding bank private key, and based on the decrypted personal data corresponding to the account identification code of the registration result, the account identification code corresponding to the same Compares the personal data of and saves a corresponding comparison result,(B2) The mobile device transmits an account binding request to the electronic payment host according to the registration result, and the account binding request includes the account identification code indicated by the registration request and the corresponding bank code, and(B3) The electronic payment host transmits the binding request to the corresponding bank processing device, so that the bank processing device generates the binding result accordingly.

如請求項5所述的帳戶資料處理方法，其中，該步驟(B1)，當該銀行處理設備比對出該註冊結果的帳戶識別碼對應的個人資料與儲存的個人資料不同時，以該註冊結果的帳戶識別碼對應的個人資料對儲存個人資料進行覆寫。The account data processing method according to claim 5, wherein, in this step (B1), when the bank processing equipment compares the personal data corresponding to the account identification code of the registration result and the stored personal data, the registration The personal data corresponding to the account ID of the result overwrites the stored personal data.

如請求項4所述的帳戶資料處理方法，其中，該註冊請求指示的該帳戶識別碼與該銀行處理設備儲存的該等帳戶識別碼其中之一相同，且每一銀行處理設備的每一帳戶識別碼所對應的個人資料包含一儲蓄金額，該電子支付主機依據一由該行動裝置發送的儲值指令自該對應的銀行處理設備接收一儲值額度，該儲值額度自該儲蓄金額扣除，該綁定電子支付的帳戶識別碼所對應的個人資料的儲蓄金額還依據一轉帳指而減少一對應的轉帳金額，該轉帳指令由發送指示該帳戶識別碼的註冊請求的該行動裝置執行。The account data processing method according to claim 4, wherein:The account identification code indicated by the registration request is the same as one of the account identification codes stored in the bank processing equipment, and the personal data corresponding to each account identification code of each bank processing equipment includes a deposit amount,The electronic payment host receives a stored value quota from the corresponding bank processing equipment according to a stored value instruction sent by the mobile device, and the stored value quota is deducted from the deposit amount,The savings amount of the personal data corresponding to the account identification code of the bound electronic payment is also reduced by a corresponding transfer amount according to a transfer instruction, and the transfer instruction is executed by the mobile device that sends a registration request indicating the account identification code.

一種帳戶資料處理系統，包含：一行動裝置；一電子支付主機，與該行動裝置通訊連接，並儲存一支付主機私鑰，及多個銀行公鑰；多個銀行處理設備，與該電子支付主機通訊連接，並分別對應多個銀行代碼，且每一銀行處理設備各自儲存一對應於該等銀行公鑰其中之一，且各不相同的銀行私鑰、一對應於該支付主機私鑰，且皆相同的支付主機公鑰、多筆帳戶識別碼，及多筆分別與該等帳戶識別碼對應的個人資料；及一區塊鏈主機，與該等銀行處理設備及電子支付主機通訊連接，其中一銀行處理設備以該支付主機公鑰對一綁定結果加密以產生一加密綁定結果，且傳送到該電子支付主機，該綁定結果相關於將該多筆帳戶識別碼的其中之一綁定電子支付，該電子支付主機以對應於該支付主機公鑰的該支付主機私鑰對該加密綁定結果進行解密，以得到一解密綁定結果，且傳送到該區塊鏈主機。An account data processing system, including:A mobile device;An electronic payment host communicates with the mobile device and stores a payment host private key and multiple bank public keys;Multiple bank processing devices are in communication with the electronic payment host and correspond to multiple bank codes, and each bank processing device stores a bank private key corresponding to one of the bank public keys, and each is different , One corresponding to the payment host's private key and the same payment host's public key, multiple account identification codes, and multiple personal data corresponding to the account identification codes; andA blockchain host, which communicates with these bank processing equipment and electronic payment hosts,One of the bank processing equipment encrypts a binding result with the payment host public key to generate an encrypted binding result, and transmits it to the electronic payment host, the binding result is related to one of the plurality of account identification codes Bind electronic payment,The electronic payment host decrypts the encrypted binding result with the payment host private key corresponding to the public key of the payment host to obtain a decrypted binding result, which is transmitted to the blockchain host.

如請求項8所述的帳戶資料處理系統，其中，該區塊鏈主機提供一用以記錄該行動裝置所發送訊息的相關資料的分散式帳本，該區塊鏈主機將該解密綁定結果進行區塊鏈轉換，以產生一區塊鏈轉換資料，該區塊鏈主機將該區塊鏈轉換資料記錄於該分散式帳本以共享給該等銀行處理設備，該分散式帳本採用雜湊函數演算法儲存該區塊鏈轉換資料。The account data processing system according to claim 8, wherein the blockchain host provides a distributed ledger for recording related data of messages sent by the mobile device,The blockchain host performs blockchain conversion on the decrypted binding result to generate a blockchain conversion data,The block chain host records the block chain conversion data in the distributed ledger to share with the bank processing equipment, and the distributed ledger uses a hash function algorithm to store the block chain conversion data.

如請求項9所述的帳戶資料處理系統，其中，該行動裝置、該電子支付主機與該等銀行處理設備的其中之一進行三方交握通訊，以執行一相關於電子支付的註冊，且該行動裝置、該電子支付主機與該等銀行處理設備的其中之一進行三方交握通訊，以執行一相關於電子支付的帳戶綁定。The account data processing system according to claim 9, wherein:The mobile device, the electronic payment host, and one of the bank processing equipment conduct a three-party handshake communication to perform a registration related to electronic payment,And the mobile device, the electronic payment host, and one of the bank processing equipment perform a three-party handshake communication to perform an account binding related to electronic payment.